More Joker-Infected Apps, And Phishing Campaign Through LinkedIn Was Found

The Joker

Android is a very capable operating system, and it's also very popular due to the amount of customization users can do with it.

However, the operating system is often riddled with privacy and security issues that come from the official Google Play Store itself. The Joker malware is one example, and among the most notorious because of how it can drain bank accounts once they are installed.

As a trojan, the Joker can infiltrate victims phone, to then sign them up for expensive subscription services without their consent or knowledge.

Tatyana Shishkova, a malware analyst at security firm Kaspersky has found seven more of Joker-infected apps in the Google Play Store. They include:

  1. Now QRcode Scan - Over 10,000 installs
  2. EmojiOne Keyboard - Over 50,000 installs.
  3. Battery Charging Animations Battery Wallpaper - Over 1,000 installs.
  4. Dazzling Keyboard - Over 10 installs.
  5. Volume Booster Louder Sound Equalizer - Over 100 installs.
  6. Super Hero-Effect - Over 5,000 installs.
  7. Classic Emoji Keyboard - Over 5,000 installs.

Together, these 7 apps have been downloaded by more than 50,000 users.

While the apps have been removed from the Google Play Store, that doesn't mean that they are automatically removed from phones that have installed them, or ended their scam subscription services.

Android users need to know whether they have downloaded the said apps, and if so, remove them.

They also need to end the apps' subscription manually.

To prevent malicious apps from getting to users' phones, users need to install apps that are developed only by known and famous developers. Always avoid installing apps from unknown developers, or install those apps with poor review and bad comments.

Always look for red flags.

While these may not guarantee that malware won't ever get installed, taking precautions should definitely reduce the chances significantly.

Another campaign that Kaspersky found, piggybacked LinkedIn's brand name.

It has long been known that people use LinkedIn because they want to reach the companies they want to reach. Businesses also use LinkedIn to look for talents and also employees, among other reasons.

Because of this, some bad actors are leveraging that fact to conduct their malicious campaign on the employment-oriented online service.

LinkedIn phishing

According to Kaspersky in a blog post, malicious actors are sending messages from LinkedIn, and made the messages to appear as if they were sent from legitimate companies, when it fact, they are specifically tailored to phish.

In its report, Kaspersky shows an example of a message sent via LinkedIn from an apparent Arabian businessman. The message, which supposedly includes a photo of the sender, asks the recipient if he'd like to do business with him.

Clicking on the link on the message will bring up what looked like a real LinkedIn login page.

This web page is a fake, and is meant to harvest LinkedIn users' login credentials as soon as they are submitted.

Kaspersky also mentioned another phishing attempt, also riddled with apparent typos.

In yet another news, two more Android apps were also riddled with the Joker. The apps that were called the Smart TV Remote and Halloween Coloring have also been removed from Google's Play Store.